04-15-2009 5:26 AM
Hi
When we try to save any user id in ECC system, SOD OBJECT LEVEL violations check is starting and it is taking very long time.
Is the system trying to check the SOD voilations at all levels (user/role..) that are present in the system and any idea about how much time the violation check process is going to be run ??
Thanks
Ram
04-15-2009 5:51 AM
Ram,
Yes, it seems it checking SOD violations. It will be great if you can tell us what version of Access Control is installed. It seems you have turned on RT(Risk terminator).
Regards,
Alpesh
04-15-2009 5:51 AM
Ram,
Yes, it seems it checking SOD violations. It will be great if you can tell us what version of Access Control is installed. It seems you have turned on RT(Risk terminator).
Regards,
Alpesh
04-15-2009 7:14 AM
Hi Alpesh
Thanks for ur Reply.
We have installed Access Control 5.3 and the RT is turned on.
regards
Ram
04-15-2009 7:38 AM
HEllo Ram,
If this is coming and the analysis is being carried out, this means you have RT configured in your system for sure.
1. Is the system trying to check the SOD voilations at all levels (user/role..) that are present in the system
The level to which the check is made depends on the config that you have made in RT. This might be at SU01 or PFCG and other similar Xns or all of them.
2. any idea about how much time the violation check process is going to be run ??
There is no definite answer for this as this depends on lots of Parameters such as:
a) Number of Roles.
b) Number of Risks configured.
c) Memory paramaters defined.
d) Level to which risks are defined and the granularity of the same, etc.
A combination of all the above entities will finally determine how much time your analysis will take.
Regards,
Hersh.
04-15-2009 3:58 PM
Hello Ram,
As stated by Hersh and Alpesh that is RT which checks violations during role creation and user assignment.
You have the option to turn it OFF also. Go to transaction /VIRSA/ZRTCNFG and select No for the options like PFCG Plug in , SU01 Role Assignment Plug in etc.
Harleen
SAP GRC RIG
04-17-2009 8:44 AM
Hello Hersh & Harleen
Thanks for your reply
If we deactivate the PFCG & SU01 role assignment plug-ins in RT, can we perform the risk violations & risk, user, role analysis functionalities in RAR
regards
Ram
04-17-2009 3:09 PM
Ram,
There won't be any change or issue in performing risk analysis in RAR if you deactivate SOD check in the SAP backend system. The SOD check is more of a preventive solution and it is called risk terminator whereas RAR is a detective solution.
Regards,
Alpesh
04-20-2009 12:36 PM
Hello Ram,
Configuring and enabling RT just means you want to have a check on authorizations against Risks before they occur. You will still get to see the analysis from RAR regardless of whether you have RT or not. RT is nothing but a sort of mechanism for risk prevention at the source system.
Regards,
Hersh.